After hackers believed to be Russian meddled in both the US and French elections, Germany is likely next on the target list. And this week the Chaos Computer Club, a German collective of hackers and security researchers, exposed the results of their unsolicited audit of the country's voting infrastructure. Their audit focused on a program called PC-Wahl, which is used for recording, counting, displaying, and analyzing votes in German elections from the local level to the national government. The hackers found they could corrupt the updates from the server controlling that software to re-tabulate votes at will, with potentially disastrous consequences for the country's October parliamentary election. The CCC says that VOTE-IT, the company behind the software, privately fixed the security flaws the group exposed while publicly refusing to acknowledge the vulnerabilities.

These days, it's not just politicians who can use "dog-whistles" to send messages intended only for a very particular audience. So can hackers. Researchers at the University of Zhejiang have shown that they can send ultrasonic signals that are inaudible to humans, but nonetheless picked up and obeyed, to voice assistants like your iPhone's Siri, Amazon's Echo, Google Now, and even the voice command systems of an Audi car. Their technique, which they call DolphinAttack, can be achieved with just a few dollars of equipment like an ultrasonic transducer and a battery, as well as a smartphone, and could allow hackers to silently "speak" to nearby devices and cause them to visit malware-infected websites, make calls that stream audio for surveillance purposes, or carry out other mischief. And since the attack takes advantage of physical properties of the microphone that cause it to pick up commands from ultrasonic waves, there's no easy fix for the problem.

A bug announced this week in the Apache Struts web application software could allow attackers to take over servers running applications built with the framework, enabling the intruders to steal or manipulate sensitive data. The bug is now patched, but is significant because many organizations and Fortune 100 companies run and rely on affected applications. The vulnerability specifically impacts an Apache Struts plugin called REST that has been around since 2008. Vulnerable systems are everywhere, from public-facing platforms for banking and reservations to back-end software within a company, and researchers say exploiting the bug is simple using a web browser. They hadn't seen evidence that the bug was exploited before their announcement, but stressed how important it is for organizations to patch and monitor their systems.

Roughly 9,400 sensitive resumes, many from US veterans, were found accessible and exposed in a recruiting firm's Amazon Web Services server, according to Chris Vickery and other researchers at the UpGuard security firm. The resumes date back to 2008 and were from applicants applying to work for the private security group TigerSwan, which contracted with the third party TalentPen until February. Some of the applicants claimed in their resumes to have US government top secret clearance, and many detailed sensitive military and intelligence work. The documents also naturally included personal information like email addresses, phone numbers, home addresses, and even passport numbers and partial social security numbers. Some of the submissions were from Iraqi and Afghan nationals who worked with US organizations. "While criminals could use the deep knowledge of work experience and personal details ... the value of this database to foreign intelligence agencies if they were to access it is not insignificant," UpGuard noted.

On Tuesday, internet users in Togo began reporting slow or inaccessible internet and wireless connections, and lost access to communication platforms like WhatsApp, Facebook, and even SMS text messaging over cell networks. The country was experiencing widespread blackouts by Thursday, and some residents traveled to Togo's borders looking for connectivity leaking in from neighboring countries. The West African NGO Internet Without Borders and the internet infrastructure company Dyn both confirmed local reports. The blackouts are in response to extensive protests demanding Togolese President Faure Gnassingbé's resignation. Governments in countries like Gabon and Cameroon have used similar repression tactics to attempt to quiet dissent.
